[00:02.750 --> 00:04.490]  Come on.
[00:06.630 --> 00:07.830]  There we go.
[00:07.830 --> 00:14.650]  Cool. All right. Welcome back, everybody. We have another Q&A with a couple of our speakers today.
[00:14.650 --> 00:19.770]  We are going to be meeting with Rick and Wesley. How are you guys doing today?
[00:20.910 --> 00:23.190]  Good. Good, basically. About good.
[00:24.130 --> 00:28.530]  Awesome. I'm joined by my fellow goon, Pasties. Hey, Pasties.
[00:28.870 --> 00:29.650]  Hey.
[00:30.250 --> 00:34.550]  So, we do have a tradition with DEF CON Talks.
[00:34.590 --> 00:41.070]  We're not going to let something like going virtual stop us from doing it.
[00:41.330 --> 00:45.090]  We have two first-time speakers here at DEF CON.
[00:45.090 --> 00:49.900]  They have been gracious enough to continue the ritual with us of shot the noob.
[00:50.450 --> 00:53.350]  So, gentlemen, thank you very much for joining us at DEF CON.
[00:53.350 --> 00:57.270]  We really appreciate you helping us put out wonderful content.
[00:57.630 --> 00:58.410]  Cheers.
[00:58.410 --> 00:59.450]  Cheers. Congrats.
[00:59.450 --> 01:00.010]  Thank you.
[01:02.270 --> 01:03.210]  All right.
[01:03.690 --> 01:06.310]  Now, let's get down to it.
[01:07.830 --> 01:09.150]  It's a good way to loosen up.
[01:09.430 --> 01:10.310]  Yeah.
[01:10.610 --> 01:11.310]  So, let's see.
[01:11.310 --> 01:12.370]  I'm ready for talking.
[01:12.490 --> 01:13.630]  Me too.
[01:14.490 --> 01:19.890]  All right. So, Rick and Wesley gave us a presentation on hacking traffic lights,
[01:19.890 --> 01:23.490]  which you can see on the YouTube server.
[01:23.490 --> 01:26.710]  So, if you want to check that out, and hopefully you already have.
[01:26.710 --> 01:34.570]  But if you have questions, then you can go into the TrackOneLiveQA channel on Discord and ask the questions there.
[01:35.770 --> 01:39.610]  Rick, do you want to just kind of give just a real quick brief introduction of yourself?
[01:39.610 --> 01:41.410]  And then we'll ask Wesley to do the same.
[01:41.410 --> 01:43.350]  You guys kind of give an overview of your talk.
[01:43.350 --> 01:44.290]  Super quick.
[01:45.290 --> 01:45.970]  Okay.
[01:45.970 --> 01:47.470]  Well, my name is Rick.
[01:48.870 --> 01:53.070]  And I've been a pen tester for seven or eight years now.
[01:53.550 --> 02:02.210]  And together with Wesley and Erik and Theo, we founded a company called Zolder, which is Attic in Dutch.
[02:02.570 --> 02:08.270]  Because that's where we grew up, where we started playing with computers in our attics, having fun.
[02:08.890 --> 02:10.250]  So, that's what we do.
[02:10.250 --> 02:13.230]  And our talk is about smart traffic.
[02:14.470 --> 02:18.090]  And ways we found playing with those apps.
[02:18.510 --> 02:22.710]  You want to manipulate traffic as it flows.
[02:23.610 --> 02:29.090]  And the reason we're here is because we noticed that this is something that's actually happening.
[02:29.090 --> 02:32.810]  We were initially thinking that this is not something that's there yet.
[02:32.810 --> 02:40.970]  And now you can actually see that this is something that's going to be impacting our lives way more than we were currently expecting.
[02:40.970 --> 02:46.390]  We're going to have cars talking to each other, cars talking to traffic lights, all that kind of stuff.
[02:47.010 --> 02:51.350]  So, when we looked at this innovation, we were like, okay, is this future ready?
[02:51.350 --> 02:54.850]  Or is this more like a starting off kind of thing?
[02:54.850 --> 02:59.150]  And, well, we figured that there's still some room for improvement.
[02:59.970 --> 03:01.550]  Excellent. All right.
[03:02.750 --> 03:03.730]  And Wesley?
[03:04.410 --> 03:06.370]  Yeah, well, my name is Wesley.
[03:06.370 --> 03:11.730]  Also, I've been mainly working as a pentester, also seven, eight years.
[03:11.730 --> 03:20.870]  So, that was pentesting customers, advising them on how to fix the issues in a technical way, but also the phishing part of it.
[03:21.550 --> 03:25.050]  Well, and together we started Zolder.
[03:25.630 --> 03:29.910]  And at Zolder we are doing quite some security research.
[03:29.910 --> 03:32.290]  And this is one of our research projects.
[03:32.290 --> 03:37.890]  Because, yeah, we just like to investigate this kind of innovation.
[03:37.890 --> 03:44.710]  Because, well, it actually surprised me that these kind of innovations are already in such a...
[03:44.710 --> 03:50.590]  Well, they are already in quite a big process on creating this kind of platform.
[03:50.590 --> 03:54.390]  So, that, well, surprised me that it's quite far already.
[03:54.390 --> 03:57.350]  It's still in the beginning, but the ideas are very big.
[03:57.350 --> 04:00.210]  And they are trying to build crazy stuff.
[04:00.210 --> 04:05.930]  Was this something, like a topic that you guys just stumbled upon, or did you have it in the back of your head?
[04:05.930 --> 04:11.930]  Or did you just see, like, The Italian Job and you're just like, is that even possible?
[04:12.250 --> 04:16.530]  Well, I mean, if you see that, you're like, immediately, like, I want that, obviously.
[04:16.890 --> 04:22.090]  But I remember very clearly that Wesley was like, oh, look at this.
[04:22.090 --> 04:23.550]  And he showed a video.
[04:24.330 --> 04:29.850]  Yeah, we stumbled upon some articles in the Netherlands that they were telling, explaining
[04:29.850 --> 04:35.770]  that there is an application that allows you to talk to, well, traffic lights, directly or indirectly.
[04:35.770 --> 04:40.070]  And that was just, we just wanted to know, how does this work?
[04:40.070 --> 04:44.410]  Because it was like, okay, so you're going to allow user input to the traffic system.
[04:44.410 --> 04:48.930]  That sounds a little bit scary to me, because probably I can fake this.
[04:48.930 --> 04:53.870]  And, yeah, what would the impact be if we could do that?
[04:53.870 --> 04:56.510]  So that's the reason why we dived into it.
[04:57.070 --> 05:01.530]  Yeah, we investigated it, and it's just fun to play around with it.
[05:01.770 --> 05:03.030]  That's great.
[05:03.090 --> 05:05.410]  So we do have a question from the chat.
[05:06.050 --> 05:10.790]  Was there anything in particular that worried you, especially while you were doing this project?
[05:13.410 --> 05:16.710]  Well, to be honest, no.
[05:17.510 --> 05:24.590]  What I noticed is that we were able to manipulate the system.
[05:24.590 --> 05:27.050]  We could get a green light.
[05:27.210 --> 05:31.890]  But it's not like you can disable local security systems.
[05:31.890 --> 05:37.970]  So let's say you're requesting a green light now at a certain traffic sign.
[05:37.970 --> 05:43.050]  It doesn't mean that the others get ignored, and you don't get priority.
[05:44.170 --> 05:49.130]  As for the impact of our own research, it didn't worry me so much.
[05:49.230 --> 05:56.990]  But what does worry me is how will we, the entire world, implement this better.
[05:57.770 --> 06:07.610]  Because if you're going to have systems talking to each other, that would mean all kinds of vendors talking to each other.
[06:07.610 --> 06:11.610]  All the car vendors would need to have the same standards.
[06:11.810 --> 06:14.610]  All the traffic signs need to go with all the cars.
[06:14.610 --> 06:16.050]  Then it gets weird.
[06:17.210 --> 06:20.890]  When it's that big, it can also get scary.
[06:20.890 --> 06:23.170]  But for now, no.
[06:23.270 --> 06:25.750]  I think that's the most challenging part.
[06:25.750 --> 06:31.630]  A lot of companies have to work together to make this a success.
[06:32.870 --> 06:36.230]  For example, to monitor for abuse on the network.
[06:36.230 --> 06:39.770]  They all have to work together in the same way.
[06:40.070 --> 06:42.610]  So that will be a big challenge.
[06:49.010 --> 06:53.310]  What kind of thing really got you guys interested in this?
[06:53.310 --> 06:57.590]  How did you get started with figuring out that you wanted to look into the traffic lights?
[07:04.540 --> 07:07.340]  Sorry, I had some issues with the connection.
[07:07.460 --> 07:09.860]  Can you repeat it?
[07:09.860 --> 07:10.420]  Sure.
[07:10.940 --> 07:20.200]  What got you interested in this topic that made you want to start looking into how the traffic lights work and how you can interact with them?
[07:21.260 --> 07:26.280]  Yeah, like I said, I was surprised that they are being connected.
[07:26.280 --> 07:30.980]  First, I was surprised that they are even being connected to the internet.
[07:31.400 --> 07:34.940]  That just surprised me and it allows me to input.
[07:35.160 --> 07:38.980]  So I was just curious if we can manipulate this.
[07:39.340 --> 07:41.380]  Well, of course, it's cool.
[07:41.380 --> 07:48.520]  If we would be able to turn a traffic light to green over the internet, that's just fun to do so.
[07:48.520 --> 07:49.560]  Yeah.
[07:50.380 --> 07:57.700]  I mean, like you said, The Italian Job, and I think it's in Hackers.
[07:59.380 --> 08:02.780]  That's something that would be extremely cool.
[08:03.180 --> 08:05.960]  We couldn't do it like that, but still.
[08:06.220 --> 08:10.320]  We got a light to go green, so that's already an inspiration.
[08:11.000 --> 08:12.280]  Yeah.
[08:12.700 --> 08:16.180]  So, we got another question from chat.
[08:16.180 --> 08:19.860]  So, your talk primarily mentioned cycling apps.
[08:20.280 --> 08:26.160]  And I do know you guys covered a little bit about privileged roles like ambulances.
[08:26.160 --> 08:27.840]  You briefly mentioned those.
[08:27.840 --> 08:29.560]  I went into how they authenticate.
[08:29.560 --> 08:31.700]  I think that was with the PKI bits.
[08:32.360 --> 08:43.000]  Is there a level of protection difference that you feel was between the messages that you're sending and messages that ambulances are sending?
[08:43.000 --> 08:50.540]  Well, from our perspective, we looked at these apps for cyclists.
[08:50.540 --> 08:55.400]  So, we were able to publish those against web services that were expecting cyclists.
[08:55.620 --> 08:59.840]  And we did try, like, okay, now we're a bus or a tram.
[08:59.840 --> 09:01.080]  It doesn't look what happens.
[09:01.080 --> 09:02.720]  We didn't really notice a difference.
[09:03.380 --> 09:08.640]  That's probably due to the fact that we were talking to a service for cyclists.
[09:09.380 --> 09:14.900]  So, there are systems for ambulances.
[09:15.680 --> 09:16.640]  But those are closed.
[09:16.640 --> 09:23.120]  So, you wouldn't know what security systems are in place currently.
[09:23.120 --> 09:37.540]  But the ITS standard, so the Intelligent Transport System standard, does propose, like, the PKI system where they say, like, okay, you get a certificate.
[09:37.540 --> 09:40.420]  And the certificate describes the roles you have.
[09:40.420 --> 09:45.760]  So, you are allowed to get to do, like, sirens are on and stuff like that.
[09:45.760 --> 09:51.200]  But that's a standard that's not necessarily implemented.
[09:51.200 --> 09:51.560]  Correct.
[09:51.560 --> 09:52.860]  Even if you implement it.
[09:52.880 --> 09:58.300]  Let's say the Dutch government implements this and offers this to the different suppliers here in the Netherlands.
[09:58.660 --> 09:59.060]  Yep.
[09:59.180 --> 10:03.820]  And you go to, I don't know, ambulance builder company, I don't know.
[10:04.000 --> 10:07.120]  And you say, like, okay, you need to be compliant with this standard.
[10:07.120 --> 10:10.980]  They're going to be like, it's a small country, 18 million people, go away.
[10:12.620 --> 10:20.580]  I feel like even, like, an 18 million strong country would be capable of swaying a little bit in that kind of, like...
[10:20.580 --> 10:22.080]  I know sales people.
[10:22.080 --> 10:24.140]  They will work.
[10:24.140 --> 10:25.240]  They will promise it.
[10:25.240 --> 10:25.880]  Yeah.
[10:26.200 --> 10:27.280]  I don't know.
[10:27.400 --> 10:30.020]  Sometimes you put a little bit of pressure on them.
[10:34.300 --> 10:38.880]  There was one application available which we were at least able to download.
[10:38.880 --> 10:39.720]  It was for trucks.
[10:39.720 --> 10:44.680]  So, the trucks would get a green flow, yeah, if you're driving a truck.
[10:44.680 --> 10:48.740]  But the vendors had authentication on that.
[10:48.740 --> 10:52.000]  So, it was still a closed application for us.
[10:52.000 --> 10:54.680]  So, that's the reason why we dived into the cycling.
[10:54.680 --> 10:56.860]  Because that was available for us.
[10:58.960 --> 11:01.500]  So, how widespread is this?
[11:01.500 --> 11:04.220]  Does the cycling app work with, like, any traffic vendors?
[11:04.220 --> 11:06.560]  Is this, like, an international standard that this just works everywhere?
[11:06.560 --> 11:09.360]  Or is this something that, like, a city has to opt into?
[11:09.360 --> 11:13.560]  Or they just have to choose this particular traffic light vendor or something?
[11:14.920 --> 11:15.740]  Do you guys...
[11:16.300 --> 11:18.860]  Well, they are working on the standard.
[11:19.500 --> 11:23.500]  They are replacing all the old traffic light systems for new ones.
[11:23.500 --> 11:24.820]  So, they will be intelligent.
[11:24.820 --> 11:27.380]  And they are capable to talk with each other.
[11:27.500 --> 11:28.280]  That's the goal.
[11:28.280 --> 11:34.320]  But they are still trying to replace all the traffic light systems to be able to do that.
[11:34.940 --> 11:40.900]  So, currently, it's just the vendors doing it on their own traffic light systems.
[11:40.960 --> 11:42.280]  On their own.
[11:42.280 --> 11:47.600]  But the final goal is to be able to talk everyone to everyone.
[11:47.600 --> 11:50.000]  And be compatible with everyone.
[11:50.020 --> 11:54.000]  So, it's not yet cross-vendor.
[11:54.000 --> 11:58.140]  They will try to implement standards so you can actually have your app...
[11:59.120 --> 12:01.260]  That was where my next question was going to go.
[12:01.260 --> 12:04.140]  It's like, how does the cross-vendor stuff work?
[12:04.140 --> 12:07.400]  If this was more than just, like, one system that's doing it.
[12:07.480 --> 12:11.020]  Yeah, I mean, I don't know.
[12:11.020 --> 12:14.240]  This is what surprised me.
[12:14.240 --> 12:16.960]  There are more companies that do this than I expected.
[12:18.740 --> 12:21.820]  And there are actually more companies that build traffic lights.
[12:22.020 --> 12:23.740]  Which also surprised me.
[12:26.220 --> 12:28.220]  But they all want to be the next Google, right?
[12:29.540 --> 12:31.160]  So, they all want to be the next Google.
[12:31.160 --> 12:33.360]  They all want to, like, look at our app.
[12:33.360 --> 12:34.640]  Look at our traffic light.
[12:34.640 --> 12:36.440]  It's the smartest in our way.
[12:37.320 --> 12:40.320]  So, everybody has to follow our standards.
[12:40.820 --> 12:45.300]  But they are, luckily, they are cooperating under a bigger project.
[12:45.520 --> 12:48.200]  But that's, like, on a separate track.
[12:48.200 --> 12:49.840]  But they are doing wonderful things.
[12:51.520 --> 12:53.000]  And also interesting.
[12:53.000 --> 12:55.080]  We are doing it in the Netherlands right now.
[12:55.080 --> 12:59.040]  But, of course, we want to be compatible with the whole of Europe.
[12:59.040 --> 13:00.600]  So, it's also a challenge.
[13:00.740 --> 13:03.000]  It's a really big project.
[13:03.000 --> 13:05.500]  And we are trying to achieve that.
[13:07.400 --> 13:11.040]  We do have a bunch more questions coming in chat.
[13:11.640 --> 13:13.280]  Do you want to ask any more?
[13:13.280 --> 13:15.380]  I don't want to take up all the space.
[13:15.560 --> 13:17.800]  No, go for it.
[13:17.800 --> 13:19.660]  Okay, cool.
[13:20.120 --> 13:23.100]  So, one is sort of a safety question.
[13:23.100 --> 13:26.900]  This seems, like, good to address.
[13:26.900 --> 13:29.620]  Because you guys did bring it up beforehand in our little chat.
[13:29.620 --> 13:36.280]  Do you guys wind up, if you could effectively shut down an intersection to a direction by spoofing a long-stream cyclist?
[13:36.280 --> 13:40.500]  It's not quite what we had going for, but it's along those safety tracks.
[13:40.500 --> 13:42.920]  And Phoenix does, like I'm curious, do.
[13:45.700 --> 13:47.900]  No, we haven't tried that, no.
[13:47.900 --> 13:51.680]  Just, like, consistently sending those messages to see if you can just sort of keep it green?
[13:52.220 --> 14:00.500]  Well, yeah, we've tried to do multiple messages in a couple of seconds, or just in a loop.
[14:00.500 --> 14:06.700]  And the system was just trying to turn green light on every time.
[14:06.700 --> 14:10.460]  So, yeah, it waits until the system allows it to go to green.
[14:10.460 --> 14:13.460]  So, it was just constantly requesting green.
[14:13.660 --> 14:16.280]  And the system would do it whenever it was possible.
[14:16.280 --> 14:18.540]  But it was not pressing or something.
[14:18.540 --> 14:20.060]  It would just keep on working.
[14:20.060 --> 14:24.720]  Maybe if you do it a lot, like a denial of service, you might succeed in it.
[14:24.720 --> 14:27.360]  But, yeah, that was not our goal.
[14:27.360 --> 14:32.360]  But when it's working appropriately, you sending a bunch of messages is just like an annoying pedestrian
[14:32.360 --> 14:35.660]  just pushing the sidewalk button a thousand times before it turns red.
[14:35.660 --> 14:37.960]  Yeah, all the time. You're just pushing it.
[14:37.960 --> 14:40.720]  And if it turns off, you're just pushing it on again.
[14:40.720 --> 14:43.240]  And that's the behavior that it creates.
[14:43.360 --> 14:44.980]  Yeah, that's great.
[14:47.040 --> 14:52.040]  Did you guys reach out to any of the... I mean, I guess this is one app maker in specific.
[14:52.040 --> 14:57.440]  But did you reach out to them for any comments or tell them about this at all?
[14:57.680 --> 15:00.760]  Yeah, we reached out to both vendors.
[15:02.740 --> 15:05.640]  Yeah, they were going to look into it.
[15:07.560 --> 15:08.880]  Classic response?
[15:09.360 --> 15:10.240]  Sorry?
[15:10.260 --> 15:12.360]  I said classic response. Sorry.
[15:12.360 --> 15:14.760]  Yeah, they were actually pretty interested.
[15:14.760 --> 15:16.800]  They sent a few calls.
[15:18.760 --> 15:21.080]  One of the vendors had an old plan.
[15:21.200 --> 15:24.180]  We have this plan, this plan, this plan, this plan.
[15:24.180 --> 15:25.700]  What do you think works?
[15:26.400 --> 15:29.780]  And the other vendor was like, OK, could you help us with this?
[15:30.500 --> 15:32.160]  Those were cool responses.
[15:33.300 --> 15:36.520]  But at the same time, they were like, yeah, but these are device calls.
[15:36.740 --> 15:38.000]  How do we do that?
[15:38.000 --> 15:44.340]  Yes, the standard has a security solution in it, but there's nobody providing the public key infrastructure.
[15:45.020 --> 15:49.060]  There's no authorities yet in the smart traffic space.
[15:49.800 --> 15:53.900]  So, they are willing. They are looking into it.
[15:55.380 --> 15:58.940]  But also at the same time stating, it's quite hard.
[15:58.940 --> 16:00.420]  How bad is it for a bike?
[16:00.420 --> 16:02.460]  Which we actually agree on.
[16:02.520 --> 16:09.120]  This is fun and it can be annoying, but that's about the extent of the impact.
[16:10.500 --> 16:18.980]  So, the reason why we're talking about this is we think it's really important that other people know that this is even happening.
[16:18.980 --> 16:21.000]  And maybe we should look into this.
[16:21.180 --> 16:21.780]  Yes, we should.
[16:22.180 --> 16:25.960]  It's got to be the basis for a lot of infrastructure for all of us.
[16:26.460 --> 16:30.760]  And also they had quite an interesting challenge.
[16:30.760 --> 16:33.660]  Because they don't want to harm the privacy of the users.
[16:33.660 --> 16:37.480]  So, they don't want to track every cyclist in the city.
[16:37.480 --> 16:40.120]  Yes, that's good.
[16:40.760 --> 16:42.900]  But that's quite an issue.
[16:42.900 --> 16:49.280]  Because you need somehow an identifier to know that a bicyclist is the same as before.
[16:49.560 --> 16:51.860]  But then you've got some privacy issues.
[16:51.860 --> 16:56.520]  So, they don't want to track the users, but they want to know that it's the same.
[16:56.520 --> 16:59.760]  So, that's quite a challenge for them.
[16:59.760 --> 17:02.840]  Yes, an interesting challenge.
[17:03.700 --> 17:09.100]  You guys just did a natural lead into two both very important questions that were in the chat.
[17:09.700 --> 17:18.640]  Anna asks, do you have a guesstimate for when an implementation of a system like this could be secure enough to be a no-brainer?
[17:18.640 --> 17:27.740]  If it was implemented globally as a vendor thing, and do you think that the benefits are actually worth the risks of having this kind of connectivity into our traffic systems?
[17:30.640 --> 17:33.140]  I actually think it's worth it.
[17:33.140 --> 17:35.680]  Might be worth it.
[17:35.680 --> 17:37.280]  You mean for cyclists?
[17:37.460 --> 17:41.360]  No, no. I mean, for cyclists, this seems like the safest thing.
[17:43.820 --> 17:45.620]  You want to see what I can do?
[18:00.660 --> 18:06.020]  Pedestrian crossing signs are regularly not placed someplace that as a biker I can hit.
[18:06.740 --> 18:10.840]  But I still want the pedestrian crossing light quite frequently.
[18:11.480 --> 18:22.420]  So, I can definitely see why I would want to use this kind of system, but that doesn't mean tying my phone into critical infrastructure, basically.
[18:23.560 --> 18:26.840]  We actually have quite some bike roads in the Netherlands.
[18:26.840 --> 18:29.000]  We have more bikes than people.
[18:30.360 --> 18:35.040]  So, people use this as a mode of transport.
[18:35.700 --> 18:41.140]  I think there are probably only people that really enjoy the whole bike thing.
[18:42.500 --> 18:47.640]  And I actually think if you make it hard to get an account of this,
[18:48.380 --> 18:53.660]  maybe even like the, how many boats do you see in these pictures?
[18:53.740 --> 18:55.440]  Like the Google CAPTCHA.
[18:56.480 --> 18:59.520]  Then, at least, if somebody's proof, he's one bike.
[18:59.520 --> 19:03.480]  Or if he's really persistent, he's probably 10 bikes.
[19:04.120 --> 19:09.940]  But I mean, he's not going to hire a pig farm somewhere to get all the CAPTCHAs.
[19:09.940 --> 19:18.340]  So, I think they would have very little security extra features on it.
[19:18.340 --> 19:19.840]  Very little tracking.
[19:20.420 --> 19:25.840]  And it would still make it more difficult for somebody to play with this.
[19:26.020 --> 19:32.820]  But I think in a broader perspective, where, I don't know, traffic is talking to each other.
[19:33.780 --> 19:36.380]  Traffic lights, road signs.
[19:36.380 --> 19:40.040]  There's an incident and all the cars get alerted to it.
[19:40.040 --> 19:42.120]  An ambulance needs to get somewhere.
[19:42.120 --> 19:46.880]  And all the traffic lights ahead of it know when to turn green for that particular...
[19:46.880 --> 19:49.220]  So, the ambulance gets there faster.
[19:49.460 --> 19:53.140]  Those kind of innovations are, I think, really important.
[19:53.720 --> 19:58.280]  Economically, because if the trucks are faster and easier to get there, it's better for us.
[19:58.280 --> 20:00.460]  If we have less traffic, it's better for us.
[20:00.460 --> 20:02.960]  But also from a safety perspective.
[20:02.960 --> 20:10.060]  Because I do believe that eventually machines will be better at driving than we are.
[20:10.780 --> 20:18.620]  And if that's the case, if we have such a system, then it's really important that this whole thing is a bit more secure.
[20:18.860 --> 20:20.340]  I don't know how long it will take.
[20:20.340 --> 20:22.340]  Probably a pretty long time.
[20:22.340 --> 20:24.920]  But when the big car companies...
[20:24.920 --> 20:26.480]  Like, we're going to do this.
[20:26.940 --> 20:29.020]  I think it might go far.
[20:29.020 --> 20:38.380]  So, based off of some past experience with car research, do you feel like this is a place where the vendors are going to...
[20:38.380 --> 20:41.600]  Like, they're intentionally trying to set this up correctly?
[20:42.080 --> 20:46.900]  Or do you think this is going to be another one of those situations where security is a second-class citizen?
[20:47.700 --> 20:48.340]  I don't know.
[20:48.340 --> 20:49.320]  Any thoughts?
[20:49.420 --> 20:52.020]  I have very little experience with car security.
[20:52.020 --> 20:53.480]  How is car security?
[20:54.140 --> 20:55.580]  No ecosystem.
[20:55.580 --> 21:02.340]  I mean, there is a car-hacking village, and I've never known those guys to fail.
[21:04.920 --> 21:05.480]  So...
[21:05.480 --> 21:06.760]  It was fun.
[21:07.100 --> 21:08.080]  Yes.
[21:11.600 --> 21:13.900]  Cliver, do you have any questions lined up?
[21:15.400 --> 21:16.520]  Let's see.
[21:16.620 --> 21:19.960]  Well, we can throw the one from Fenix out there.
[21:19.960 --> 21:27.280]  Fenix asked, in your talk, you mentioned you saw one app sending what looked like CAM data being sent over MQTT,
[21:27.280 --> 21:31.660]  which maybe implies it's just being directly routed to the controlling systems.
[21:31.660 --> 21:36.760]  Are you looking to do follow-up research on the server side or controller components?
[21:39.720 --> 21:48.120]  Well, we would really like to do so, but of course, the vendor has to give the access in order to do so.
[21:48.120 --> 21:54.240]  So, yeah, of course, we would really like to do research further on this and dive into it.
[21:54.240 --> 21:58.000]  So, yeah, I would definitely like it to do so.
[21:58.440 --> 22:03.040]  But, yeah, the vendor also has to work with us together.
[22:03.100 --> 22:07.140]  But we are in good contact with them, so who knows?
[22:07.620 --> 22:08.500]  Hopefully.
[22:09.980 --> 22:14.360]  Yeah, they actively said that they wanted to work with you.
[22:14.360 --> 22:15.880]  It's heartening for me.
[22:18.120 --> 22:24.900]  Is there, like, a next for you guys? Because I know a lot of times you kind of just run out of time for your research.
[22:24.900 --> 22:31.260]  Are there future plans on what you want to look into going forward, or have you taken this as far as you want to?
[22:33.460 --> 22:35.320]  No, I don't think it's...
[22:35.880 --> 22:44.440]  If we get the chance to play with some of the stuff, I mean, there's stuff apparently, and we don't think it can do a thing.
[22:44.960 --> 22:46.320]  I want to do a thing.
[22:47.040 --> 22:57.640]  There might be, like, trucks or other car apps that might come out, or other of these cool new innovations.
[22:57.640 --> 23:01.320]  But getting access is usually the hard part.
[23:01.660 --> 23:07.380]  But if you can get access, I mean, it would definitely be fun.
[23:07.680 --> 23:10.420]  But, I mean, the moment you start...
[23:10.420 --> 23:15.820]  Like, let's say one of these companies allows access to their internal stuff.
[23:16.580 --> 23:19.560]  It's probably not going to be a difficult thought, unfortunately.
[23:30.820 --> 23:32.380]  Us too.
[23:40.420 --> 23:44.380]  Like, had to cut because you were short on time, or anything like that?
[23:46.780 --> 23:49.720]  We had to remove Burt from Burtner.
[23:50.500 --> 23:52.820]  That hurt, man. That hurt.
[23:54.020 --> 23:58.720]  So, we had, like, Burt, the gif, where he's like...
[23:58.720 --> 24:05.480]  And, um, we had that because we had something like a line, like, they're allowing us to talk to traffic lights.
[24:05.680 --> 24:07.460]  So we had a Burt surprise.
[24:07.460 --> 24:11.340]  And then we got feedback, like, no, you can't have that.
[24:11.640 --> 24:15.680]  We had to remove that because it's probably copyrighted.
[24:15.680 --> 24:17.060]  Oh, okay, yeah, fair enough.
[24:17.060 --> 24:19.080]  You mentioned The Italian Job.
[24:19.080 --> 24:31.940]  And the thing is, I spent... I wasted a good four hours cutting together footage from The Italian Job, Hackers, and Watch Dogs.
[24:32.460 --> 24:38.060]  Just so we could have, like, a ten-second video where it's like, this dog is talking about this.
[24:38.060 --> 24:40.820]  And then show, like, all these crazy car hacks.
[24:41.200 --> 24:43.700]  And it was such a nice intro, and I was so proud of it.
[24:43.780 --> 24:47.720]  And the first thing we go back, like, no, that can't happen. We have to remove that.
[24:47.840 --> 24:50.660]  Oh, that's unfortunate. Fair use.
[24:51.120 --> 24:52.180]  Fair use.
[24:52.380 --> 24:53.100]  Yeah.
[25:01.480 --> 25:03.340]  Yeah, it's still working through.
[25:05.620 --> 25:07.740]  We're approaching the end of our sessions.
[25:08.960 --> 25:12.860]  Usually this is where the questions start to die out.
[25:13.980 --> 25:20.240]  Do you guys have any advice for somebody else that wants to just kind of dig in and begin this kind of research?
[25:20.240 --> 25:24.060]  I know there's a lot of people out there that think what you guys did is really interesting.
[25:24.060 --> 25:27.140]  And, like, maybe people think, like, why can't I do that?
[25:27.140 --> 25:31.560]  Could they? And how would you give them advice on how to start the type of research that you two do?
[25:34.080 --> 25:39.500]  Well, I think just look into the inventions that are going on in your country.
[25:39.500 --> 25:44.220]  Because, well, I didn't know that this kind of cool stuff was going on in the Netherlands.
[25:44.220 --> 25:47.600]  But, yeah, some article pointed us on that.
[25:47.880 --> 25:56.980]  But I think with some googling you can find some cool stuff and just look into the things that they already have released and dive into it, yeah.
[25:57.280 --> 25:57.800]  Yeah.
[25:58.840 --> 26:04.960]  I think get Greenlight mobile app.
[26:05.080 --> 26:07.080]  And then just see what pops up.
[26:07.080 --> 26:10.600]  And there's probably some company trying something out.
[26:10.600 --> 26:15.260]  And then after that just pull it to Burp.
[26:15.260 --> 26:19.100]  See what it sends to the backend.
[26:19.600 --> 26:21.240]  And see what happens.
[26:21.240 --> 26:24.260]  Maybe decompile the app.
[26:24.260 --> 26:25.780]  See how it works.
[26:25.780 --> 26:31.940]  I mean, I remember when some of those news articles come out, I don't care.
[26:32.280 --> 26:33.820]  I can't read them.
[26:34.300 --> 26:38.980]  And Wesley has like a skill where he's actually like, oh, this is interesting.
[26:39.220 --> 26:42.080]  And my default mode is like, no care, go away.
[26:42.220 --> 26:46.340]  And then after like a couple of minutes, he was like, oh, but look, this is really interesting.
[26:46.340 --> 26:48.440]  And then I was like, oh, wow, he's right.
[26:48.440 --> 26:54.660]  And so keep an open mind with those kind of things.
[26:54.660 --> 26:55.740]  Really important.
[26:56.060 --> 26:59.480]  And I remember when we were trying to, but you were like, okay, this is common.
[26:59.940 --> 27:02.420]  Can we just create a Python script?
[27:03.000 --> 27:03.200]  Yeah.
[27:04.900 --> 27:07.660]  Like ASN.1 encoded.
[27:07.660 --> 27:09.340]  So our own scheme.
[27:09.340 --> 27:12.500]  And then through Protobuf, Google Protobuf.
[27:12.500 --> 27:14.880]  And then push it to MQTT.
[27:18.640 --> 27:23.860]  And after a while, they were like, okay, you spent way too much time on this.
[27:23.920 --> 27:25.920]  Can't we just modify the app?
[27:25.920 --> 27:27.600]  And I was like, what the fuck?
[27:27.600 --> 27:28.840]  What do you mean modify the app?
[27:28.840 --> 27:30.680]  I've been spending way too much time on this.
[27:30.680 --> 27:33.600]  We are not quitting this venue.
[27:35.000 --> 27:36.820]  To keep on trying.
[27:36.900 --> 27:39.660]  And if it doesn't work, try to find a workaround.
[27:39.860 --> 27:41.120]  Yeah, work smarter.
[27:43.000 --> 27:46.640]  Frida was way easier because he just instrumented the app.
[27:46.920 --> 27:52.320]  And modified the browser before he got to the function that actually created the object.
[27:52.320 --> 27:56.560]  So he was pretty good for it.
[27:57.640 --> 27:58.860]  To go in.
[28:00.600 --> 28:03.880]  Sometimes something can be sitting right in front of you and you just need a fresh pair of eyes.
[28:03.880 --> 28:06.420]  And you're just like, why aren't you just doing this?
[28:06.420 --> 28:08.780]  Yeah, but that's a lot in our own business.
[28:10.480 --> 28:13.140]  Yeah, another view is important.
[28:13.600 --> 28:15.760]  The solution might be very easy.
[28:16.380 --> 28:19.740]  It's really easy to go full laser on a problem.
[28:25.860 --> 28:28.080]  We are approaching the end of our time.
[28:28.080 --> 28:30.000]  I think we've got two minutes left in our session.
[28:30.000 --> 28:37.960]  Is there anything you guys want to shout out or call out or do before the Q&A session ends?
[28:37.960 --> 28:42.980]  Yeah, if anybody has more questions and they wanted to reach you after this, how would they do that?
[28:44.840 --> 28:48.560]  Twitter, I think it's the easiest way. Just a direct message.
[28:51.160 --> 28:52.440]  What's your Twitter?
[28:53.800 --> 28:55.440]  Just my name.
[28:55.440 --> 28:56.420]  Just your name?
[28:57.120 --> 29:03.240]  Maybe we can drop it in the track one talk as soon as the Q&A session ends.
[29:03.960 --> 29:09.640]  You can reach out on Twitter if there's anything you want to know or if you want to play around with it.
[29:09.660 --> 29:13.680]  Or if you want to learn something or you have a question about the tool or something.
[29:14.560 --> 29:15.440]  Perfect.
[29:16.440 --> 29:23.320]  Well, thank you both a ton for doing a talk at Virtual DEF CON Safe Mode.
[29:23.840 --> 29:26.660]  Thank you for doing this Q&A session. It's been great.
[29:27.820 --> 29:32.300]  Yeah, I hope you guys participate in DEF CON again.
[29:32.300 --> 29:34.100]  Yeah, it's very cool.
[29:34.320 --> 29:36.400]  It was really fun.
[29:36.520 --> 29:37.080]  Yeah.
[29:37.680 --> 29:38.480]  Alright.
[29:40.480 --> 29:41.880]  Thanks so much for doing this.
[29:42.520 --> 29:47.440]  And everybody come on back in about a half an hour and we'll have a couple more speakers and goons here to talk with you.
[29:47.520 --> 29:48.260]  Thanks guys.
